What is CUDA?
CUDA is NVidia's “Compute Unified Device Architecture” and is particularly useful to the forensic community for brute force password cracking. NVidia CUDA technology leverages the massive parallel processing power of NVidia GPUs. The CUDA architecture is a revolutionary parallel computing architecture that delivers the performance of NVidia's world-renowned graphics processor technology to general purpose GPU Computing. Applications that run on the CUDA architecture can take advantage of an installed base of over one hundred million CUDA-enabled GPUs in desktop and notebook computers, professional workstations, and supercomputer clusters.
With the CUDA architecture and tools, developers are achieving dramatic speedups in fields such as medical imaging and natural resource exploration, and creating breakthrough applications in areas such as image recognition and real-time HD video playback and encoding. CUDA enables this unprecedented performance via standard APIs such as the soon to be released OpenCL™ and DirectX® Compute, and high level programming languages such as C/C++, Fortran, Java, Python, and the Microsoft .NET Framework.
What is the Forensic Application?
Not all Forensic applications will benefit from this massive amount of computational power. One major application that wil is brute force password recovery. By employing Elcomsoft's Distributed Password Recovery (EDPR), the CUDA platform can be used to dramatically accelerate brute force password recovery. Elcomsoft Distributed Password Recovery employs a revolutionary, patent pending technology to accelerate password recovery when a compatible NVidia graphics card is present in addition to the CPU-only mode. The acceleration technology offloads parts of computational-heavy processing onto the fast and highly scalable processors featured in the NVidia's latest graphic accelerators. Additionally, EDPR also operates in a distributed environment where multiple workstations can work together to distribute the workload of a single task. Currently. EDPR supports the following file and password formats (GPU accelerated as noted):
- GPU Accelerated - Microsoft Word/Excel/PowerPoint/Project 2007 (.DOCX, .XLSX, .PPTX, .MSPX) (password recovery - "open" password only).
- Microsoft Word/Excel/PowerPoint XP/2003 (.DOC, .XLS, .PPT) (password recovery - "open" password only).
- Microsoft Word/Excel 97/2000 (.DOC, .XLS) (password recovery - "open" password only).
- Microsoft Word/Excel 97/2000 (.DOC, .XLS) (guaranteed decryption).
- Microsoft Money (password recovery).
- Microsoft OneNote (password recovery).
- OpenDocument (ODF): documents, spreadsheets, presentations, graphics/drawing, formulae (password recovery).
- GPU Accelerated - PGP disks with conventional encryption (.PGD), whole disk encryption.
- PGP zip archives (.PGP), self-decrypting archives (.EXE), secret key rings (.SKR) (password/passphrase recovery).
- Personal Information Exchange certificates - PKCS #12 (.PFX, .P12) (password recovery).
- Adobe Acrobat PDF files ("user" and "owner" password recovery).
- Adobe Acrobat PDF files with 40-bit encryption (guaranteed decryption).
- GPU Accelerated - Windows NT/2000/XP/2003/Vista logon passwords (LM/NTLM) (password recovery).
- Windows SYSKEY startup passwords (password recovery).
- GPU Accelerated - Windows DCC (Domain Cached Credentials) passwords (password recovery).
- UNIX users' passwords (password audit/recovery).
- Intuit Quicken (.QDF) (password recovery).
- Lotus Notes ID files (password recovery).
- GPU Accelerated - MD5 hashes (plaintext recovery).
- Oracle users' passwords (password audit/recovery).
- GPU Accelerated - WPA and WPA2 passwords (password recovery).
- TheBat! master passwords (masterkey.dat) and passwords to backups (*.tbk).
Click Here for an updated listing of all accelerated formats. Elcomsoft continues to work to provide additional GPU Acceleration for many of the file formats which are not already capable. Digital Intelligence has been working with Elcomsoft to identify customer requirements and further this endeavor. Elcomsoft's EDPR software is available for purchase. EDPR can be run in a distributed environment of up to 20 workstations (with, or without, CUDA capabilities).
FRED SC EDPR Super Computer Password Performance
Listed below are the benchmarks from the older GTX295 cards. The new GTX580 cards have shown us a 60% speed improvement over the GTX295's.
Baseline FRED SC Specifications
- 23 3/4" High, 8 3/8" Wide, 25 1/4" Deep - 100 lbs
- ATX Server Case: 12 x 5¼", 1500W Modular Power Supply
- i7 Motherboard with Intel Z77 Chipset
- Intel i7-3770 (Quad Processor), 3.5 Ghz, 8M Cache, 5 GT/s Intel QPI
- 16 GB PC3-12800 DDR3 1600 MHz Memory
- OS Drive - 1 x 300 GB 10,000 RPM SATA Hard Drive in Shock-Mounted tray
- Data Drive - 1 x 2.0 TB 7200 RPM SATA Hard Drive in Shock-Mounted tray
- BD-R/BD-RE/DVD±RW/CD±RW Blu-ray Burner Dual-Layer Combo Drive
- 4 x NVIDIA GTX-580 Water Cooled Video Cards, 1 GPU each with 512 Stream Processors and 1536 MB Memory per card
- 22” WideScreen LCD Monitor with Built-in Speakers
- Wireless 103 key Microsoft Keyboard and Mouse
- 4 x PCIe 3.0/2.0 x16 slots
- 2 x PCIe 2.0 x1 slots
- Integrated Graphics Processor
- Dual 10/100/1000 Mbs Intel GbE Network Adapters
- Dual Band Wi-Fi 802.11 a/b/g/n
- Bluetooth V4.0, Bluetooth V3.0+HS
- 8-Channel High Definition Realtek ALC898
- 6 x SATA 6Gb/s ports - 2 Intel, 4 Marvel
- 3 x SATA 3Gb/s ports - 3 Intel
- 1 x mini-SATA 3Gb/s port(s) with onboard 32GB SSD
- 2 eSATA Ports
- 2 USB 2.0 ports - 2 Back Mounted
- 7 USB 3.0 ports - 4 Back Mounted, 3 Front Mounted
- 1 x Thunderbolt port
- 1 x DisplayPort
- 1 x HDMI
- 3 x Native Shock Mounted SATA Removable Hard Drive Bays
- Microsoft Windows 8 Professional (Pre-Installed & Configured)